Data Holder is Dr. Vranjes Firenze S.p.A. No representative has been appointed as the Holder is based in Italy.

2. Contact details of the person in charge of the data protection

The Holder has placed Andrea d’Anna in charge of data protection and can be contacted at the holder’s head offices or via e-mail at dpo@drvranjes.it

3. Data handling methods

3.1 Cookie and environmental data

TECHNICAL COOKIES

Navigation, functional and session cookies: allow the site to work properly. Use of so called session cookies (that are not stored permanently on the device in question and are automatically deleted when the browser is shut down) is strictly limited to the transmission of identification codes for the individual sessions and is employed for the safe and efficient use of the site. They can be divided into:

- activities strictly required for operational purposes: cookies used to save the User session and carry out other activities solely required to operate the application, for example in relation to the distribution of traffic;- saving preferences, optimisation and statistics activities: cookies used to save the browsing preferences and optimise the User’s browsing experience. These Cookies include, for example, those for language setting and the assessment or management of statistics by the site's Holder.

Statistical cookies: the site uses statistical cookies created directly by the data holder, as first party, or supplied by third parties. In the latter case, suitable measures have been adopted to reduce identification power, via the masking of significant parts of the IP addresses handled. Furthermore, the use of these third party statistical cookies is dependent on contractual limitations that commit the third party to use them exclusively for providing the service, storing them separately and not “enriching them” or “intersecting them” with other information that they are in possession of. As far as the Google Analytics cookies are specifically concerned, the information that can be retrieved from the cookies on the use of the site by users will be transmitted by the browser of the person in question to Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States and stored in the company’s servers.

The Google privacy regulations that we would ask you to read can be found at the following address:

Browsing data and environmental variables: The computing systems and procedures designated to operating the site, automatically acquire certain personal data about the browsing of the person in question, during regular operations, including environmental variables. Some examples of the data in this category include:

IP addresses of the computers employed by the user availing themselves of the service;

number of accesses;

pages viewed;

date and time when access was made;

URL where the browser was before displaying this page;

browser type;

operational system used.

NON-TECHNICAL COOKIES

Profiling cookies: the site uses profiling cookies supplied by third parties. In detail, the following are used:

- interaction with social networks and external platforms: this kind of service allows you to interact with social networks, or with other external platforms, directly from this application’s pages. The interaction and information acquired by this application is, in any case, subject to the User's privacy settings specific to each social network.

If an interaction service with the social networks is installed, it is possible that, even if Users do not use the service, traffic data will still be collected regarding the pages where it is installed.

AddThis (Addthis Inc.): is a service provided by Clearspring Technologies Inc. that displays a widget that allows for interaction with social networks and external platforms and sharing the contents of this application. Depending on the configuration, this service can show widgets belonging to third parties, for example, handlers of social networks on which to share the interactions. In this case, even third parties that distribute widgets will be informed of the interaction made and the data used relative to the pages on which this service is installed.

Re-marketing and behavioural targeting: allows this application and its partners to communicate, optimise and provide adverts based on past use made of this Application by the User. This activity is performed by tracing the data used and the use of cookies, information that is transferred to partners with whom the activity of re-marketing and behavioural targeting is linked. In addition to the possibilities of carrying out opt-outs offered by the services given below, the User can opt to exclude receipt of cookies linked to a third party service, by visiting the Network Advertising Initiative opt-out page.

Facebook Re-marketing (Facebook, Inc.): is a Re-marketing and Behavioural Targeting service provided by Facebook, Inc. that links the activity of this Application to the Facebook advertising network.

AdWords Re-marketing (Google, Inc.): is a Re-marketing and Behavioural Targeting service provided by Google Inc. that links the activity of this Application to the AdWords advertising network and Doubleclick Cookie.

- Statistics: the services contained in this section allow the Data Holder to monitor and analyse the traffic data and are used to keep track of the User’s behaviour.

Google Analytics with anonymised IP (Google Inc.): is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application as well as fill in reports and share them with other services developed by Google. Google could use the Personal Data to contextualise and personalise the adverts on its own advertising network. This Google Analytics integration makes your IP address anonymous. Anonymisation works by abbreviating the User’s IP address within the confines of EU member states or other countries adhering to the European Economic Space agreement. Only in exceptional cases will the IP address be sent to Google servers and abbreviated in the United States. Personal Data collected: Cookies and Data used.

Monitoring of Facebook Ads conversions (Facebook, Inc.): is a service of statistics provided by Facebook, Inc. that links the data from the network of Facebook adverts with the actions carried out within this Application.

The optional data freely provided by the person in question by sending an e-mail to the addresses on the site can be acquired for the ends indicated in point 4.

In particular, as well as the e-mail address needed to reply to the sender, other personal data contained in the relative communication will be handled.

4. Handling purposes and juridical basis for handling

In order to send direct marketing communications, newsletters, advertising, via traditional contact systems and automated IT systems, including sales or advertising communications via e-mail or SMS, or for market research and analysis. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.

For profiling activity and to establish habits and preferences. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.

Only data provided by the person in question will be handled, in compliance with this regulation, collected from the website.

7. Recipients and possible categories of personal data recipients

Recipients of the person in question’s personal data could be:

communication firms that carry out commercial communication and profiling work on behalf of the Holder and appointed to handle the data;

firms that offer IT company services, in particular, those that offer hosting services.

8. Data categories

The personal data of the person in question will be handled.

9. Data transfer

The Holder's intention is to transfer personal data to a third party Country or international organisation. These subjects could be represented, for example, by

communication firms that perform communication work for the Holder;

firms that offer IT company services, including, in particular, those that offer hosting services;

communication firm service suppliers.

Transfer of personal data to these subjects, if settled in a third party Country or international organisation, is done in the presence of an adequacy decision from the European Commission that has assessed how the third party Country, territory or one or more specific sectors within the third party Country, or international organisation in question, guarantee a suitable level of protection of its rights. In any case, the Holder – should they see fit – reserves the right to finalise specific separate agreements that oblige these subjects to adopt adequate safety measures, including organisational safety measures, aimed at providing appropriated guarantees of their rights. In particular, Google Inc. is contractually bound to guarantee suitable protection of the rights of the person in question. The data could, therefore, be transferred to the following countries: UK and United States of America. In order to receive a copy of this data or the place where it has been made available, just send a request to the following e-mail privacy@drvranjes.it.

10. Storage period of personal data

The personal data handled for marketing purposes is handled and stored until the person in question revokes consensus or requests its deletion.

Personal data handled for the purpose of establishing preferences is handled and stored for a period no longer than 12 months from when it was collected.

The Holder reserves the right, in any case, to request that the party in question renew their consensus for data handling and/or checks the consensus already expressed.

11. Option to provide consensus and consequences of denied consensus

With regard to handling personal data for marketing purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no marketing activities will be possible;

With regard to handling personal data for profiling purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no profiling activities will be possible.

12. Rights of the person in question

12.1 Right to oppose

With regard to the personal data handled via technical cookies in order to allow for the website to work properly, communication of personal data is not a contractual obligation, but one founded on the Holder's legitimate interest, in as much as, without consensus to handle the data, it will not be possible to provide a perfectly functioning website.

Consensus should be considered optional in relation to non-technical cookies. In the latter case, failed communication of this data will only result in the impossibility to provide a personalised service. In relation to data provide voluntarily via e-mail, consensus should be considered optional. However, failure to communicate this data will make it impossible to reply to the person in question;

In relation to the data communicated for contractual and pre-contractual purposes, the communication of personal data is a contractual obligation and a requirement for carrying out the pre-contractual negotiations and to finalise the contract. The person in question has the option to provide personal data; however, in the absence of this data being communicated, it will not be possible to finalise any contract or carry out any contractual negotiations;

With regard to data provided voluntarily via e-mail, failure to communicate this will make it impossible to reply to the person in question.

12.2 Other rights

The Holder also intends to inform the person in question of the existence of the following rights in his/her favour:

Right of access by the person in question: the person in question has the right to obtain confirmation from the Holder that personal data regarding him/her is being handled and, if this is the case, to obtain access to the personal data and specific information, in compliance with art. 15 of the GDPR.

Amendment right: the person in question has the right to obtain an amendment of inaccurate personal data that regards him/her without undue delay. Having taken into account the purposes of handling the data, the person in question has the right to obtain the integration of incomplete personal data, by even providing a supplementary declaration, in compliance with art. 16 of the GDPR.

Right to data deletion, including the right to withdraw consensus: the person in question has the right to have his/her personal data deleted by the Holder without undue delay and the Holder is obliged to delete this personal data without undue delay, or to withdraw consensus, if the reasons defined in art. 17 of the GDPR are present. As far as the right to withdrawal is concerned, the person in question also has the right to withdraw consensus at any time without compromising the legitimacy of the handling based on the consensus presented prior to withdrawal.

Right of data handling limitation: the person in question has the right to obtain a limitation from the Holder on the handling of the data when the circumstances set out in art. 18 of the GDPR are resorted to.

Right to data portability: the person in question has the right to receive the data regarding them in a structured format, for common use and legible from automatic devices, provided by the Holder and has the right to transmit this data to another holder without impediments from the Holder in the cases, and under the conditions, specified in art. 20 of the GDPR.

13. Exercising one’s rights

Requests to exercise one’s rights indicated in this statement, including, in particular, the right to deletion and withdrawal of consensus given, should be addressed to the Holder at the following e-mail privacy@drvranjes.it. Alternatively, it is possible to exercise one’s rights by sending relative communication by registered return post letter to Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (Florence).

14. Statement accessibility

The statement can be accessed at https://drvranjes.com/eu/privacy-policy, as well as from the Holder. If expressly requested by the person in question, the information can also be verbally communicated over the phone to the Holder, as long as the identity of the person in question has been established.

Data Holder is Dr. Vranjes Firenze S.p.A. No representative has been appointed as the Holder is based in Italy.

2. Contact details of the person in charge of the data protection

The Holder has placed Andrea d’Anna in charge of data protection and can be contacted at the holder’s head offices or via e-mail at dpo@drvranjes.it

3. Data handling methods

3.1 Cookie and environmental data

TECHNICAL COOKIES

Navigation, functional and session cookies: allow the site to work properly. Use of so called session cookies (that are not stored permanently on the device in question and are automatically deleted when the browser is shut down) is strictly limited to the transmission of identification codes for the individual sessions and is employed for the safe and efficient use of the site. They can be divided into:

- activities strictly required for operational purposes: cookies used to save the User session and carry out other activities solely required to operate the application, for example in relation to the distribution of traffic;- saving preferences, optimisation and statistics activities: cookies used to save the browsing preferences and optimise the User’s browsing experience. These Cookies include, for example, those for language setting and the assessment or management of statistics by the site's Holder.

Statistical cookies: the site uses statistical cookies created directly by the data holder, as first party, or supplied by third parties. In the latter case, suitable measures have been adopted to reduce identification power, via the masking of significant parts of the IP addresses handled. Furthermore, the use of these third party statistical cookies is dependent on contractual limitations that commit the third party to use them exclusively for providing the service, storing them separately and not “enriching them” or “intersecting them” with other information that they are in possession of. As far as the Google Analytics cookies are specifically concerned, the information that can be retrieved from the cookies on the use of the site by users will be transmitted by the browser of the person in question to Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States and stored in the company’s servers.

The Google privacy regulations that we would ask you to read can be found at the following address:

Browsing data and environmental variables: The computing systems and procedures designated to operating the site, automatically acquire certain personal data about the browsing of the person in question, during regular operations, including environmental variables. Some examples of the data in this category include:

IP addresses of the computers employed by the user availing themselves of the service;

number of accesses;

pages viewed;

date and time when access was made;

URL where the browser was before displaying this page;

browser type;

operational system used.

NON-TECHNICAL COOKIES

Profiling cookies: the site uses profiling cookies supplied by third parties. In detail, the following are used:

- interaction with social networks and external platforms: this kind of service allows you to interact with social networks, or with other external platforms, directly from this application’s pages. The interaction and information acquired by this application is, in any case, subject to the User's privacy settings specific to each social network.

If an interaction service with the social networks is installed, it is possible that, even if Users do not use the service, traffic data will still be collected regarding the pages where it is installed.

AddThis (Addthis Inc.): is a service provided by Clearspring Technologies Inc. that displays a widget that allows for interaction with social networks and external platforms and sharing the contents of this application. Depending on the configuration, this service can show widgets belonging to third parties, for example, handlers of social networks on which to share the interactions. In this case, even third parties that distribute widgets will be informed of the interaction made and the data used relative to the pages on which this service is installed.

Re-marketing and behavioural targeting: allows this application and its partners to communicate, optimise and provide adverts based on past use made of this Application by the User. This activity is performed by tracing the data used and the use of cookies, information that is transferred to partners with whom the activity of re-marketing and behavioural targeting is linked. In addition to the possibilities of carrying out opt-outs offered by the services given below, the User can opt to exclude receipt of cookies linked to a third party service, by visiting the Network Advertising Initiative opt-out page.

Facebook Re-marketing (Facebook, Inc.): is a Re-marketing and Behavioural Targeting service provided by Facebook, Inc. that links the activity of this Application to the Facebook advertising network.

AdWords Re-marketing (Google, Inc.): is a Re-marketing and Behavioural Targeting service provided by Google Inc. that links the activity of this Application to the AdWords advertising network and Doubleclick Cookie.

- Statistics: the services contained in this section allow the Data Holder to monitor and analyse the traffic data and are used to keep track of the User’s behaviour.

Google Analytics with anonymised IP (Google Inc.): is a web analysis service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application as well as fill in reports and share them with other services developed by Google. Google could use the Personal Data to contextualise and personalise the adverts on its own advertising network. This Google Analytics integration makes your IP address anonymous. Anonymisation works by abbreviating the User’s IP address within the confines of EU member states or other countries adhering to the European Economic Space agreement. Only in exceptional cases will the IP address be sent to Google servers and abbreviated in the United States. Personal Data collected: Cookies and Data used.

Monitoring of Facebook Ads conversions (Facebook, Inc.): is a service of statistics provided by Facebook, Inc. that links the data from the network of Facebook adverts with the actions carried out within this Application.

The optional data freely provided by the person in question by sending an e-mail to the addresses on the site can be acquired for the ends indicated in point 4.

In particular, as well as the e-mail address needed to reply to the sender, other personal data contained in the relative communication will be handled.

4. Handling purposes and juridical basis for handling

In order to send direct marketing communications, newsletters, advertising, via traditional contact systems and automated IT systems, including sales or advertising communications via e-mail or SMS, or for market research and analysis. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.

For profiling activity and to establish habits and preferences. In this case, it is the consensus, expressed in compliance with this statement, that represents a juridical foundation.

Only data provided by the person in question will be handled, in compliance with this regulation, collected from the website.

7. Recipients and possible categories of personal data recipients

Recipients of the person in question’s personal data could be:

communication firms that carry out commercial communication and profiling work on behalf of the Holder and appointed to handle the data;

firms that offer IT company services, in particular, those that offer hosting services.

8. Data categories

The personal data of the person in question will be handled.

9. Data transfer

The Holder's intention is to transfer personal data to a third party Country or international organisation. These subjects could be represented, for example, by

communication firms that perform communication work for the Holder;

firms that offer IT company services, including, in particular, those that offer hosting services;

communication firm service suppliers.

Transfer of personal data to these subjects, if settled in a third party Country or international organisation, is done in the presence of an adequacy decision from the European Commission that has assessed how the third party Country, territory or one or more specific sectors within the third party Country, or international organisation in question, guarantee a suitable level of protection of its rights. In any case, the Holder – should they see fit – reserves the right to finalise specific separate agreements that oblige these subjects to adopt adequate safety measures, including organisational safety measures, aimed at providing appropriated guarantees of their rights. In particular, Google Inc. is contractually bound to guarantee suitable protection of the rights of the person in question. The data could, therefore, be transferred to the following countries: UK and United States of America. In order to receive a copy of this data or the place where it has been made available, just send a request to the following e-mail privacy@drvranjes.it.

10. Storage period of personal data

The personal data handled for marketing purposes is handled and stored until the person in question revokes consensus or requests its deletion.

Personal data handled for the purpose of establishing preferences is handled and stored for a period no longer than 12 months from when it was collected.

The Holder reserves the right, in any case, to request that the party in question renew their consensus for data handling and/or checks the consensus already expressed.

11. Option to provide consensus and consequences of denied consensus

With regard to handling personal data for marketing purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no marketing activities will be possible;

With regard to handling personal data for profiling purposes, the communication of personal data is not a contractual requirement. Providing personal data is optional; however, if this data is not communicated, no profiling activities will be possible.

12. Rights of the person in question

12.1 Right to oppose

With regard to the personal data handled via technical cookies in order to allow for the website to work properly, communication of personal data is not a contractual obligation, but one founded on the Holder's legitimate interest, in as much as, without consensus to handle the data, it will not be possible to provide a perfectly functioning website.

Consensus should be considered optional in relation to non-technical cookies. In the latter case, failed communication of this data will only result in the impossibility to provide a personalised service. In relation to data provide voluntarily via e-mail, consensus should be considered optional. However, failure to communicate this data will make it impossible to reply to the person in question;

In relation to the data communicated for contractual and pre-contractual purposes, the communication of personal data is a contractual obligation and a requirement for carrying out the pre-contractual negotiations and to finalise the contract. The person in question has the option to provide personal data; however, in the absence of this data being communicated, it will not be possible to finalise any contract or carry out any contractual negotiations;

With regard to data provided voluntarily via e-mail, failure to communicate this will make it impossible to reply to the person in question.

12.2 Other rights

The Holder also intends to inform the person in question of the existence of the following rights in his/her favour:

Right of access by the person in question: the person in question has the right to obtain confirmation from the Holder that personal data regarding him/her is being handled and, if this is the case, to obtain access to the personal data and specific information, in compliance with art. 15 of the GDPR.

Amendment right: the person in question has the right to obtain an amendment of inaccurate personal data that regards him/her without undue delay. Having taken into account the purposes of handling the data, the person in question has the right to obtain the integration of incomplete personal data, by even providing a supplementary declaration, in compliance with art. 16 of the GDPR.

Right to data deletion, including the right to withdraw consensus: the person in question has the right to have his/her personal data deleted by the Holder without undue delay and the Holder is obliged to delete this personal data without undue delay, or to withdraw consensus, if the reasons defined in art. 17 of the GDPR are present. As far as the right to withdrawal is concerned, the person in question also has the right to withdraw consensus at any time without compromising the legitimacy of the handling based on the consensus presented prior to withdrawal.

Right of data handling limitation: the person in question has the right to obtain a limitation from the Holder on the handling of the data when the circumstances set out in art. 18 of the GDPR are resorted to.

Right to data portability: the person in question has the right to receive the data regarding them in a structured format, for common use and legible from automatic devices, provided by the Holder and has the right to transmit this data to another holder without impediments from the Holder in the cases, and under the conditions, specified in art. 20 of the GDPR.

13. Exercising one’s rights

Requests to exercise one’s rights indicated in this statement, including, in particular, the right to deletion and withdrawal of consensus given, should be addressed to the Holder at the following e-mail privacy@drvranjes.it. Alternatively, it is possible to exercise one’s rights by sending relative communication by registered return post letter to Via S. Pertini, 5 - Località Antella 50012 Bagno a Ripoli (Florence).

14. Statement accessibility

The statement can be accessed at https://drvranjes.com/eu/privacy-policy, as well as from the Holder. If expressly requested by the person in question, the information can also be verbally communicated over the phone to the Holder, as long as the identity of the person in question has been established.